﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using EFFC.Net.Data.Base;
using EFFC.Net.Common;
using System.Web;

namespace EFFC.Net.WebSecurity
{
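    /// <summary>
    /// Base URL-filtering strategy: rejects URLs that embed an absolute
    /// http(s) address pointing at a host other than the one serving the
    /// current request.
    /// </summary>
    public class SecurityStrategyBase
    {
        // Captures the authority (host[:port]) that follows every "http://" or
        // "https://" occurrence in the input. The authority ends at the first
        // '/', '\', '?' or '#', or at the end of the string.
        //
        // The previous pattern ("(?<=http://)[^/]+(?=/)") only recognised a
        // lower-case "http://" whose host was followed by a later '/', so an
        // https address, a mixed-case scheme, or a bare "http://host" was never
        // compared against the serving host and was reported as valid.
        private static readonly System.Text.RegularExpressions.Regex AbsoluteHostPattern =
            new System.Text.RegularExpressions.Regex(
                @"(?<=https?://)[^/?#\\]+",
                System.Text.RegularExpressions.RegexOptions.IgnoreCase
                | System.Text.RegularExpressions.RegexOptions.CultureInvariant);

        /// <summary>
        /// Checks a URL for embedded absolute addresses and decides whether it
        /// is acceptable for the current site.
        /// </summary>
        /// <param name="url">The URL text to inspect. May be relative.</param>
        /// <returns>
        /// <c>true</c> when <paramref name="url"/> contains no absolute
        /// http(s) address, or exactly one whose host equals the current
        /// request's <c>http_host</c> server variable (compared
        /// case-insensitively). <c>false</c> when it is <c>null</c>, contains
        /// more than one absolute address, names a different host, or the
        /// current host cannot be determined.
        /// </returns>
        /// <remarks>
        /// This is a textual filter, not a full URL parser. It does not decode
        /// percent-encoding and does not look at scheme-relative references
        /// (a leading "//") or at schemes other than http/https; callers that
        /// use the value as a redirect target should validate those separately.
        /// NOTE(review): <c>http_host</c> reflects the Host header sent by the
        /// client. Comparing against a configured list of the site's own host
        /// names would not depend on request data - confirm which is intended.
        /// </remarks>
        public virtual bool IsValidUrl(string url)
        {
            // Fail closed: nothing to inspect means nothing can be vouched for.
            if (url == null)
            {
                return false;
            }

            System.Text.RegularExpressions.MatchCollection embeddedHosts = AbsoluteHostPattern.Matches(url);

            // Several absolute addresses in one URL are treated as an injection attempt.
            if (embeddedHosts.Count > 1)
            {
                return false;
            }

            // Purely relative URL: there is no foreign host to compare.
            if (embeddedHosts.Count == 0)
            {
                return true;
            }

            // Only touch the request context once a comparison is actually needed,
            // and reject instead of throwing when it is unavailable.
            HttpContext context = HttpContext.Current;
            string currentHost = context == null ? null : context.Request.ServerVariables["http_host"];
            if (string.IsNullOrEmpty(currentHost))
            {
                return false;
            }

            // Host names are case-insensitive, so compare without regard to case.
            return string.Equals(embeddedHosts[0].Value, currentHost, StringComparison.OrdinalIgnoreCase);
        }
    }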
}
